Commit graph

51 commits

Author SHA1 Message Date
Andy Lutomirski
9079ec459c webconfig: fixes for token security
* Use 16-byte tokens
 * Use os.urandom (random.getrandbits shouldn't be used for security)
 * Convert to hex correctly
2014-08-22 15:44:43 +08:00
Andy Lutomirski
aaddccfdb1 webconfig: Use a constant-time token comparison
This prevents a linear-time attack to recover the auth token.
2014-08-22 15:39:13 +08:00
David Adam
4ae2753025 Authenticate connections to web_config service
- Require all requests to use a session path.
 - Use a redirect file to avoid exposing the '/start' URL on the
   command line, as it contains the cookie value.

Fix for CVE-2014-2914.
Closes #1438.
2014-08-04 13:34:26 +08:00
ridiculousfish
b6658c5497 Render sample prompts faster in fish_config by using a thread pool 2014-07-29 12:12:32 -07:00
David Xia
adabc2d7a0 Fix fish_config error with python3
Closes #1253.
2014-07-28 22:02:55 +08:00
Siteshwar Vashisht
317660c2fe Avoid using OptionParser to parse bindings in webconfig.py
OptionParser eats commaandline arguments passed to bind actions, so avoid using it.
2014-07-25 08:39:31 +05:30
ridiculousfish
f6a89d13c2 Merge branch 'master' of github.com:fish-shell/fish-shell 2014-07-23 22:27:37 -07:00
Siteshwar Vashisht
3e01dd955f Updated code to parse bindings in webconfig.py 2014-07-23 01:53:15 +05:30
adisbladis
27fa0ea9d7 "webconfig.py: Don't allow NoneType as buffer, fallback to bytes.
Fixes TypeErrors when using bindings tab"
2014-07-22 12:31:57 +02:00
Siteshwar Vashisht
7b3132d39d Fixed code to parse bindings for webconfig 2014-06-08 16:05:00 +05:30
Anders Bergh
44b35f7735 fish_config: Listen on both IPv6 and IPv4.
A subclass of TCPServer was created to deny any non-local connections and to
listen using an IPv6 socket.
2014-03-31 10:06:46 -07:00
Konrad Borowski
6d749789ce Use 127.0.0.1 for fish config.
Before this change, fish config used 0 as its address. However, this
isn't a good idea from security point of view, as web service can be
accessed from everywhere, and do anything on the account it was ran on.

This also deals with firewalls which block the access to 0 even from
the host machine itself. It possibly might fix #673, but I'm not sure.
2014-02-27 14:47:08 +01:00
ridiculousfish
77dbaf3aef Fix for Python out-of-range exception when accessing Bindings tab 2014-02-09 20:19:04 -08:00
Siteshwar Vashisht
a1b43b7a09 Fix for opening bindings tab as initial tab
'fish_config bindings' command should open bindings tab as initially active tab
2014-01-30 23:53:49 +05:30
Siteshwar Vashisht
646180518a Minor fixes in the colors tab
* Show color scheme title in preview box
* Show information about setting terminal background color on Apply
button mouse hover
* Added text_color_for_color method in colors controller scope
2013-12-07 13:12:43 +05:30
Siteshwar Vashisht
659541f4a5 Merge branch 'master' into fish_config_angular 2013-12-07 09:50:59 +05:30
d10n
168d25e780 Do not open CLI browsers when using fish_config.
From the Python webbrowser documentation:
"If text-mode browsers are used, the calling process will block until the user exits the browser."

Running fish_config on an ssh server with no GUI browser will open a CLI browser which blocks and stops the server from handling requests.
Using multiprocess to run the server in the background lets CLI browsers access the page, but the page is unusable.

For now, disable CLI browsers and recommend opening the page in a graphical browser.
In the future, maybe write a CLI utility to change prompts and delete history items.
2013-11-26 00:41:09 -08:00
Siteshwar Vashisht
63233655f4 Updated fish_config prompt tab 2013-11-09 18:26:44 +05:30
Siteshwar Vashisht
9e424ed921 Show actual binding if user clicks a binding item 2013-10-27 18:51:50 +05:30
Siteshwar Vashisht
be55d2c57f Updated handling escape character in binding parser 2013-10-25 00:05:26 +05:30
Siteshwar Vashisht
aed26f8c1e Added code for parsing end key 2013-10-22 23:08:30 +05:30
Siteshwar Vashisht
6482fd52fb Moved some color related methods from index.html to colorutils.js 2013-10-22 23:00:38 +05:30
Siteshwar Vashisht
80a48be324 Changed scheme for loading key bindings 2013-10-20 15:03:47 +05:30
Siteshwar Vashisht
0ad6e6f459 Updated binding tab to show descriptive key names 2013-10-17 19:47:04 +05:30
Siteshwar Vashisht
885c23b453 Show readable description of bindings 2013-10-17 19:47:04 +05:30
Siteshwar Vashisht
04f518082c Initial implementation of bindings tab 2013-10-17 19:47:04 +05:30
Siteshwar Vashisht
c018bfdb4d Initial work to add support for angularjs 2013-10-17 19:47:03 +05:30
Konrad Borowski
a1020b3e61 Remove useless semicolon in webconfig.py 2013-09-08 20:19:43 +02:00
Siteshwar Vashisht
379cf3d249 Converted tabs to spaces in webconfig script 2013-07-06 21:09:20 +05:30
ridiculousfish
2517832718 Teach fish_config how to find fish from __fish_bin_dir
Fixes https://github.com/fish-shell/fish-shell/issues/621
2013-04-15 14:15:47 -07:00
Anders Bergh
56dd25667d Make fish_config compatible with Python 2.5
Try to import parse_qs from the cgi module, and simplejson instead of json.
Use old string formatting. str.format() was backported from Python 3
to 2.6 and isn't available in 2.5.
2012-12-12 12:51:55 +01:00
ridiculousfish
211b9ea8b9 Added terlar's prompt, and robbyrussell which was inadvertently omitted
https://github.com/fish-shell/fish-shell/issues/329
2012-10-15 18:45:46 -07:00
Peter Ammon
86a978d9ee Fixed web_config prompt to work with Python 2.6.1 2012-09-10 02:11:06 -07:00
ridiculousfish
f6fe3df59b Fix to make prompt chooser work in Python3 2012-09-06 19:01:07 -07:00
ridiculousfish
e0764bb25e Improve python3 compatibility in webconfig.py 2012-09-06 02:03:21 -07:00
ridiculousfish
3589554028 Allow setting the prompt from web_config 2012-09-06 01:30:26 -07:00
ridiculousfish
3606664cf7 Merge branch 'webserver' of git://github.com/simukis/fish-shell into simukis-webserver
Conflicts:
	share/tools/web_config/webconfig.py
2012-08-20 12:03:39 -07:00
ridiculousfish
81f45208b0 Make history deletion from web config work properly with Unicode under both Python2 and Python3
Make the filter search field hide properly in tabs where it's non-functional
Fixes https://github.com/fish-shell/fish-shell/issues/265
2012-08-20 11:58:54 -07:00
Simonas Kazlauskas
ef566836c4 Wipe unnecessary as statement 2012-08-19 23:26:15 +03:00
Simonas Kazlauskas
10dfca1a75 Decode data in python3 – Fixes #265.
In both in python2 and python3 parse_qs expects str object. In
python2 it worked ok, because self.rfile was open in binary mode and
str in python2 is actually a string of bytes. However in python3 str is
actually string of unicode literals, not bytes and file was still open
in binary mode. Thus, deleting any file with non-ascii byte inside
filename failed in python3.

Also, cgi.parse_qs is deprecated and shouldn't be used.
2012-08-19 23:19:07 +03:00
Simonas Kazlauskas
b3e3f041fe Remove trailing spaces and replace tabs with spaces 2012-08-19 22:55:50 +03:00
ridiculousfish
f41a699f5d Fix to make the choose-a-port loop work correctly for webconfig.py under Python3 2012-08-17 01:14:05 -07:00
ridiculousfish
f6b76e6ecb Fix to allow specifying an initial tab in fish_config
For example, you can run "fish_config history"
2012-07-27 13:40:43 -07:00
ridiculousfish
e7cbcc83a4 Implemented history deletion from fish_config
Fixes https://github.com/fish-shell/fish-shell/issues/250
2012-07-27 00:31:00 -07:00
Adam
a49d245b92 Python3 fixes for webconfig.py 2012-06-05 20:40:51 -07:00
ridiculousfish
53cba2a2e6 Improved webconfig.py's handling of combined term256 and classic colors 2012-06-05 01:19:59 -07:00
ridiculousfish
4bd63020ca Fix to add a little explanatory text to colors in the web config interface 2012-05-08 17:10:38 -07:00
ridiculousfish
37defa739b Fix for an extra line at the end of the variable listing
Once again, fix the issue where some color cells aren't clickable
2012-04-01 01:31:38 -07:00
ridiculousfish
ff17101316 A little better support for non-term-256 colors in web config
Fix for a deadlock when autoloading a function triggers autoloading another function
2012-03-31 15:17:14 -07:00
ridiculousfish
a11687fc5c Make the functions builtin have a bit nicer output
Stop autosuggesting things with newlines
Make webconfig a little nicer
2012-03-25 22:41:22 -07:00